On Wed, Jul 16, 2003 at 02:45:38PM +0100, Randy Orrison wrote:
> David Fokkema wrote:
> | On Wed, Jul 16, 2003 at 11:26:35AM +0100, Randy Orrison wrote:
> |>David Fokkema wrote:
> |>|Many, many mails were downloaded (thanks to this fine group, :-) and
> |>|almost immediately, my server became irresponsive.
> |>[In exim.conf:]
> |>deliver_load_max = 4
> |>queue_only_load = 4
> |
> | This seems very nice! Have to try out if amavis is run before or after
> | queueing (is this a word?) otherwise this won't have effect. If amavis
> | is run _after_ queueing and before delivery, this is great!
>
> I should have mentioned that I don't know how amavis fits into the
> equation. In my case, spamassassin was being run by procmail which was
> being run when the messages were delivered, so queueing instead of
> delivering when the load was high was exactly the right thing to do.
>
> Let us know how it goes.
I re-enabled amavis and ran a script to send 10 mails to my server.
Wham! Load instantly shot up. I was glad I only sent 10 mails...
deliver_load_max works perfectly. Sending 50 mails to my server
increases the load to about 17, but after it hit the specified value, no
more deliveries are started and everything is queued. The running amavis
/ clamscan processes are allowed to finish, so the load is up,
temporarily, and decreases again. This way, my system is only allowed a
small 'hiccup'. During queue run, deliveries are only one message at a
time, so no problem there...
Thank you very much! No more DoS attacks to be feared just by sending a
number of mails...
David